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1)E3 Responsive to communication(s) filed on 05 September2007 . 

2a)Q This action is FINAL. 2b)l3 This action is non-final. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 
Response to Arguments 

1. Applicant’s arguments, see Remarks, filed September 5, 2007, with respect to 
the rejections of claims 1 - 27 have been fully considered and are persuasive. 
Therefore, the rejection has been withdrawn. However, upon further consideration, a 
new grounds of rejection is made. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-26 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Shambroom US Patent 5,923,756. Referring to claims 1, 27 and 28, Shambroom 
teaches: 

a. Authenticating a device on the basis of key data (column 7, lines 6-9). 

b. Generating a key on the basis of data received from the authenticating 
means (column 11, lines 1-4). 

c. Providing first and second data to the key generating means (column 10, 
lines 39-41) and generating the key using only one of said first or second data 
(column 11, lines 1-4). 
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4. Referring to claim 2, Shambroom teaches that the key data is unique to the 
device (column 10, line 65). By definition a session key is unique to that session with 
the device. 

5. Referring to claim 3, Shambroom teaches a function module having a first input 
parameter and a second input parameter and generating said key data by using only 
said first data, and the authenticating means enters said first data and said second data 
as the first and second input parameters (column 11, lines 1-4). 

6. Referring to claim 4, Shambroom teaches that said authenticating means 
provides identification data relating to processing to be performed after said 
authentication (column 10, lines 32-34). 

7. Referring to claim 5, Shambroom teaches providing unique data unique to said 
device to be authenticated received from said device (column 10, lines 39-41), and uses 
the unique data received to generate the key data (column 1 1 , lines 1-4). 

8. Referring to claim 6, Shambroom teaches that the server is executing the steps 
of the parent claims (column 10, lines 48-49) and is therefore executing the 
authentication program of claim 6. 

9. Referring to claim 7, Shambroom teaches that the authenticating means provides 
the key generating means with the unique data read from the storage means shared 
between them (column 11, lines 1-4). Since the authenticating means and generating 
means are in the same device there would be storage shared between them. 




Application/Control Number: 10/791,760 
Art Unit: 2132 



Page 4 



10. Referring to claim 8, Shambroom teaches reading out and holding a master key 
(column 10, lines 49-51), and the key generating means calls up the holding means and 
uses the master key to generate the key data (column 1 1 , lines 1-4). 

1 1 . Referring to claim 9, Shambroom teaches that the key holding means is 
executed by a key holding program (column 10, lines 48-49). 

12. Referring to claim 10, Shambroom teaches that the key holding program is 
updated independently from the programs realizing said authenticating means and key 
generating means (column 10, lines 49-51). The information is passed and then held at 
the client in a separate step from the key generating and authentication step. Therefor it 
is updated independently. 

13. Referring to claim 11, Shambroom teaches the key generating means selecting 
a key generation algorithm defined in accordance with a plurality of processing contents 
and generates said key data based on said selected key generation algorithm (column 
7, lines 25-51). 

14. Referring to claim 12, Shambroom teaches performing authentication with the 
device to be authenticated (column 12, lines 35-36) and when mutual legitimacy is 
confirmed, performs processing corresponding to said key data in cooperation with said 
device to be authenticated (column 12, lines 37-42). 

15. Referring to claim 13, Shambroom teaches performing first authentication using 
fixed key data (column 11, lines 1-4) and performing second authentication using 
individual key data (column 12, line 55). The password (key) may be shared with a 
plurality of devices if the user logs on to a plurality of devices. 
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16. Referring to claim 14, Shambroom teaches performs first processing linked with 
the fixed key data after confirming legitimacy (column 1 1 , lines 1-4) and performs 
second processing linked with said individual key data after confirming the legitimacy of 
the device in the second authentication (column 12, lines 55-58). 

17. Referring to claim 15, Shambroom teaches holding original key data linked with 
the second authentication (column 12, lines 41-42), and generating an individual key 
based on the unique data received from the device and the original key data (column 
12, lines 55-56). The original key used for decrypting the individual key would not be 
accessed without using the unique information received from the device. 

18. Referring to claim 16, generating said individual key data based on the original 
key data received (column 12, lines 55-56). 

19. Referring to claim 17, Shambroom teaches: 

d. Receiving first and second data (column 10, lines 39-41). 

e. Generating a key using only one of said first and second data (column 1 1 , 
lines 1-4). 

f. Authenticating the device on the basis of the key data (column 12, lines 
35-36). 

20. Referring to claim 18, Shambroom teaches that the key data is unique to the 
device (column 10, line 65). By definition a session key is unique to that session with 
the device. 

21 . Referring to claim 19, Shambroom teaches a function module having a first input 
parameter and a second input parameter and generating said key data by using only 
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said first data, and the authenticating means enters said first data and said second data 
as the first and second input parameters (column 11, lines 1-4). 

22 Referring to claim 20, Shambroom teaches providing unique data unique to said 
device to be authenticated received from said device (column 10, lines 39-41), and uses 
the unique data received to generate the key data (column 1 1 , lines 1-4). 

23. Referring to claim 21 , Shambroom teaches reading out and holding a master key 
(column 10, lines 49-51), and the key generating means calls Up the holding means and • 
uses the master key to generate the key data (column 1 1 , lines 1-4). 

24. Referring to claim 22, Shambroom teaches that the key holding program is 
updated independently from the programs realizing said authenticating means and key 
generating means (column 10, lines 49-51). The information is passed and then held at 
the client in a separate step from the key generating and authentication step. Therefor it 
is updated independently. 

25. Referring to claim 23, Shambroom teaches: 

g. Receiving first data and second data (column 10, lines 39-41). 

h. Generating the key using only one of said first data or said second data 
(column 11, lines 1-4). Providing the key data to the authenticating program is 
inherent since the authenticating and generating programs are embodied in the 
same program. Once it is generated, it is also provided. 

26. Referring to claim 24, Shambroom teaches that the key data is unique to the 
device (column 10, line 65). By definition a session key is unique to that session with 
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27. Referring to claim 25, Shambroom teaches a function module having a first input 
parameter and a second input parameter and generating said key data by using only 
said first data, and the authenticating means enters said first data and said second data 
as the first and second input parameters (column 11, lines 1-4). 

28. Referring to claim 26, Shambroom teaches that the access rights different that 
the authentication program are defined (column 13, lines 5-6). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cordelia Kane whose telephone number is 571-272- 
7771. The examiner can normally be reached on Monday - Thursday 8:00 - 5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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